MCP's form mode elicitation works great for basic data, but production use cases need something more secure for payments, OAuth, and API keys.
In this demo, Wils walks through the new URL mode elicitation proposal that adds a secure option for sensitive data handling in MCP.
You'll see:
- Live OAuth implementation between MCP client and server
- Secure payment confirmation flow with proper isolation
- Third-party auth without exposing tokens to the LLM
- API key collection that respects security boundaries
- Progress tracking for async operations
This proposal extends MCP's capabilities to handle enterprise-grade security requirements while maintaining compatibility with existing implementations.
🚀 Join the Conversation:
💡 Review the PR and share your thoughts: https://github.com/modelcontextprotocol/modelcontextprotocol/pull/887
📚 Read our technical analysis: https://blog.arcade.dev/mcp-server-authorization-guide
Building with MCP? We'd love to hear about your use cases.
→ Try Arcade for production-ready tools: https://www.arcade.dev/
Timestamps:
0:00 Intro & OAuth setup
2:50 URL mode elicitation demo
5:30 Form mode comparison
7:15 Payment confirmation flow
11:30 Third-party OAuth implementation
14:00 API key collection pattern
Built by Arcade.dev - helping developers build secure, production-ready AI agents with MCP and beyond.
